After a recent data breach where an adversary successfully exfiltrated sensitive data, the incident response team has completed the containment and eradication stages. Which action would BEST equip the team to perform root cause analysis and determine the original vulnerability exploited?
Running a comprehensive vulnerability scan on all networked systems
Conducting a thorough analysis of security logs for signs of initial compromise
Scheduling a complete review of all organizational security policies and procedures
Initiating a campaign to re-educate all users about phishing and social engineering